Notice ID: 36C10B24Q0212
OIS has developed a strategic plan to protect Veterans’ and VA information. As part of this strategic direction and, in accordance with the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the VA seeks to strengthen the cybersecurity of its IT infrastructure and provide solutions to support and enhance the Department’s mission. The VA is also responsive to Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) direction and VA Office of Inspector General (OIG) Findings concerning network threats. To ensure compliance and mission success, OIS stood up an Enterprise Security Architecture (ESA) Department which focuses on information security throughout the VA Enterprise and is an overarching effort to implement a cohesive security architecture that utilizes national security standards, guidelines, and policies, an ESA Framework (i.e., Cybersecurity Framework), Enterprise Architecture Design Patterns, Reference Architectures, considers privacy implications, and enables industry standards. The support provided helps the VA create, discover, and architect (emphasizing the importance of aligning enterprise architecture requirements to the reference security architecture), document, and analyze cybersecurity solutions that will ensure Veteran and VA information is not subjected to unacceptable risk when new technologies and solutions are employed.
The ESA Task Order (TO) helps accomplish the OIS Cybersecurity Strategy and helps ensure the resiliency of VA’s cybersecurity infrastructure through proactive monitoring, adaptive responses, adherence to Federal requirements, best practices, and by defining, developing, and implementing the various aspects of ESA required to maintain the confidentiality, integrity, and availability of Veteran and VA information. ESA also leverages Contractor support to provide artifacts that link the organizational and business levels to lower technical, logical-structure and systems levels to enable the deployment of new and secure technologies with consistency through implementation guidance and the establishment of an analytic library. The expertise needed to satisfy this requirement spans a broad range of technologies, technical challenges and user experience to include but not limited to: mobile and medical devices, cloud ecosystems, Internet of Things (IoT), zero trust, software defined networks, enterprise architecture, artificial intelligence (AI), virtual reality/extended reality (VR/XR), 5G, Transport Layer Security, block chain, Post Quantum Cryptography (PQC); application testing and deployment, analysis, defining business processes, and systems design, Enterprise Architecture Tools, Microsoft (MS) Project and VISIO.
The Contractor shall provide technical and programmatic support services to include the development, maintenance of the ESA artifacts, administrative engineering support, and the facilitation of the enterprise-wide use of the VA ESA. The VA ESA shall support an integrated VA-wide risk management program in accordance with NIST SP 800-39, Managing Information Security Risk, Organization (High Level), Mission (Business), and the Information System View (System views may include but would not be limited to logical, data, and tactical). The VA ESA shall be comprehensive and consist of artifacts that support the VA risk management process at the: (i) organization level (VA-level); (ii) mission/business process level (Veterans Health Administration, Veterans Benefits Administration, National Cemetery Administration, and Veterans Affairs Central Office); and (iii) information system level.
The VA ESA has an approved VA ESA Strategy and shall adhere to the strategy to address the evolving threat landscape, support VA Business and IT Modernization initiatives, and take advantage of new and emerging security approaches and technologies. The Contractor shall provide multi-domain support to address VA’s scope, size and complexity, which includes but is not limited to enterprise architecture, emerging technologies, networks, mobile, specialized domain areas (healthcare, medical devices, cybersecurity, IT Modernization, large-scale architecture, risk management, etc.). The Contractor shall have the specialized technical and cybersecurity expertise needed to advance the new technologies that VA introduces such as: the merging of Electronic Health Records, cloud computing, Application Programming Interfaces (APIs), specialized networks (i.e., software and security perimeter and defined networks), IoT, analytic ecosystems, 5G, medical devices, IP V6, PQC, Transport Layer Security (TLS) and VR/XR, block chain, etc.
Want to get involved with OS AI? - A small number of Sponsorship Opportunities are now available here. Starting at $500.